wx-peitu

Security checks across malware telemetry and agentic risk

Overview

The skill does what it advertises, but it can automatically save article-derived images to the Desktop and upload them to Feishu with broad shortcut triggers and limited consent controls.

Review before installing. Use this skill only for article drafts you are comfortable saving on the local Desktop and uploading to Feishu under the active lark-cli account. Prefer explicit prompts like "generate locally only" or "ask before upload", and avoid Master Mode for confidential, embargoed, client, or personal content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (18)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill directs the agent to create an archive and move it onto the user's Desktop, which expands behavior from illustration generation into unmanaged local file placement. Even if the archive contents are expected images, writing to a prominent user directory without explicit consent increases the risk of unwanted file system modification, confusion, or abuse if the workflow is later extended.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The instructions tell the agent to inspect Windows registry keys and local application paths to discover a Chrome binary. This introduces host-environment reconnaissance unrelated to the core business function of article illustration, and such probing can expose system details or normalize broader local inspection capabilities.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The delivery flow includes shell-style archive creation and file move commands, extending the skill into command execution and filesystem management beyond its stated purpose. This is dangerous because command-capable workflows can be repurposed for unintended local actions, especially when combined with variable article names or future untrusted inputs.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The file is a full specification for generating React/HTML design drafts, component files, and code-edit workflows, which materially diverges from the declared skill purpose of converting markdown articles into PNG image packs synced to Feishu cloud drive. This creates a scope-confusion vulnerability: an agent may perform unintended code-generation or editing actions outside the skill’s advertised boundaries, increasing the chance of misuse and unsafe invocation.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The interactive edit guide explicitly instructs the agent to modify files such as data.js and App.jsx and promotes iterative code-edit workflows, directly conflicting with the skill-level rule 'Do NOT use for editing existing code.' Contradictory instructions are dangerous because agents often privilege detailed local guidance, causing the skill to be used for unauthorized code modification instead of image generation.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The workflow goes beyond image generation and includes local command execution, Chrome path discovery via registry queries, opening Explorer, changing directories, and invoking an external cloud-drive CLI. In an agent setting, these steps create unnecessary host interaction and external side effects, increasing the risk of unintended command execution, data exposure, and abuse of local credentials or synced storage.

Context-Inappropriate Capability

Low
Confidence: 83%
Finding
The skill writes generated files to a persistent Desktop folder derived from article names, which is not strictly necessary for the stated transformation task. Persistent local writes can leak sensitive article topics, clutter user systems, and create overwrite or privacy issues if filenames contain confidential content.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list includes broad conversational phrases such as “大师推荐”, “你定”, and “直接来”, which are common in ordinary chat and not specific to this skill. In an agent environment, this can cause unintended activation of the skill, leading to unexpected processing of user content, network access, or side effects such as generating assets or initiating downstream upload workflows.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README advertises automatic synchronization to Feishu cloud storage but does not present a clear user-facing privacy warning, consent step, or data handling boundaries near that claim. Because the skill processes article content and generated images, implicit cloud upload can expose sensitive drafts, proprietary content, or personal data to external services without the user's informed approval.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill's Master Mode performs automatic generation, local file writes, and Feishu cloud synchronization after vague trigger phrases like '大师推荐' or '直接来', but it does not require an explicit consent step for those side effects. This is dangerous because normal conversational input can unintentionally trigger data persistence and third-party upload of potentially sensitive article content and generated images.

Missing User Warnings

Medium
Confidence: 90%
Finding
The top-level task description states that the workflow saves output to the desktop folder but does not present this as a prominent user-facing warning or side effect requiring acknowledgment. This can surprise users and cause unintended local data storage on shared or managed devices, increasing exposure of confidential drafts or proprietary content.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs automatic synchronization of generated assets to Feishu cloud storage but lacks a clear privacy warning that user article content and derived images will leave the local environment. Because articles may contain embargoed, internal, or personal information, silent upload to a third-party cloud service creates a meaningful confidentiality and compliance risk.

Missing User Warnings

Low
Confidence: 87%
Finding
The templates explicitly instruct loading Google Fonts and remote image URLs, which causes outbound requests to third-party services during rendering. In this skill, article content, image selections, and renderer metadata may be exposed indirectly through those requests, creating a privacy and data-governance issue even if it is not an exploit in the classic RCE sense.

Missing User Warnings

Medium
Confidence: 92%
Finding
Saving generated files directly to the user's Desktop without an explicit warning or consent step is an unsafe file-write pattern. In this skill context, the action is not necessary to fulfill image generation itself and increases the chance of surprising local side effects or persistence in a user-visible location.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill requires fetching external images from third-party sites and rendering them for screenshots, but provides no user-facing notice that article-derived topics may be sent over the network. This can leak sensitive subject matter, create compliance issues, and introduce dependency on untrusted remote content into the rendering pipeline.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger list includes broad natural-language terms like “多图”, “配图”, and “全套”, which can cause accidental invocation outside the intended WeChat Official Account long-form illustration context. In an agent environment, overbroad activation can route unrelated content into a workflow that performs file generation and possible cloud sync side effects.

Vague Triggers

Medium
Confidence: 85%
Finding
Phrases like “大师推荐”, “你定”, and “直接来” are treated as shortcuts that skip confirmation points and let the workflow auto-decide outputs. This weakens informed consent and increases the chance that the agent performs generation, local writes, or uploads without the user understanding the resulting actions.

Missing User Warnings

High
Confidence: 97%
Finding
The workflow mandates automatic desktop writes, file replacement, and Feishu cloud synchronization without clearly surfacing data handling or system-impact warnings to the user. Because the skill processes article content that may be sensitive, automatic persistence and third-party upload can cause confidentiality leaks and unwanted modification of local or cloud state.

VirusTotal

64/64 vendors flagged this skill as clean.